Development

Cluster TLS guide

Cluster TLS policy is configured on a per-cluster basis via the CR spec provided to etcd-operator.
For etcd's TLS support and requirements, see etcd security guide.
To learn about generating self-signed TLS certs, see this tutorial.

Static cluster TLS Policy

Static TLS means keys/certs are generated by user and passed to operator.

member.serverSecret

server.crt: etcd server's client communication cert.
The certificate should allow wildcard domain *.${clusterName}.${namespace}.svc,
${clusterName}-client.${namespace}.svc, and localhost.
In this case, it is *.example.default.svc, example-client.default.svc, and localhost.
To use more DNS name or IP to access etcd server, please add it here.